Fork me on GitHub

Build Status Coverage Status Coverity Codacy Badge Maven site License: Apache 2.0 Maven Central Javadocs

Secured Properties

Encrypt and Decrypt secret values (e.g. passwords) in properties files

Basic Idea

The password in a property file should be encrypted by a secret key, stored somewhere save.

This secret file could be stored in:

  • The user home folder (at least obfuscating is better then plain-text)
  • A virtual mounted encrypted Drive. e.g.: Veracrypt
  • A hardware encrypted Drive. e.g.: Corsair Padloc

“Secured Properties” can only be as save as the location of the secret key.


The Property file “”:

mySecretPassword = test

The Java code:

 // prepare custom config
 final SecuredPropertiesConfig config = new SecuredPropertiesConfig()
        .withSecretFile(new File("G:/mysecret.key"))

 // auto-encrypt values in the property-file:
         new File(""), // The Property File
         "mySecretPassword"); // the property-key from ""

 // read encrypted values from the property-file
 String secretValue = SecuredProperties.getSecretValue(config,
         new File(""), // The Property File
         "mySecretPassword"); // the property-key from ""

will return “test” as secretValue and automatically encrypt the value in the property file.

After the first run the Property file will looks similar to the following:

mySecretPassword = {wVtvW8lQrwCf8MA9sadwww==}

This encrypted password can now be read only in combination with the secret file “G:/mysecret.key”

Get multiple values at ones

It is also possible to encrypt multiple values at ones:

  // custom configurations
  final SecuredPropertiesConfig config = new SecuredPropertiesConfig()
        .withSecretFile(new File("G:/mysecret.key"))

  Map secretValues = SecuredProperties.getSecretValues(config
      new File(""), // The Property File
      "mySecretPassword", "anotherSecretPassword"); // the property-keys in "" 

The returned Map contains the decrypted passwords for the two keys “mySecretPassword”, “anotherSecretPassword”.

Manual Encryption/Decryption

In some cases you don’t want encrypt/decrypt values from Properties Files.

This example shows how values from System Properties are encrypted/decrypted:

    String systemPropPassword = System.getProperty(key);
    if (SecuredProperties.isEncryptedPassword(systemPropPassword)) {
        return SecuredProperties.decrypt(config, systemPropPassword);
    } else if (StringUtils.isNotEmpty(systemPropPassword)) {
        System.out.println(String.format("you could now use the following encrypted password: -D%s=%s", key,
            SecuredProperties.encrypt(config, systemPropPassword)));
        return systemPropPassword;
    } else {
        return null;

Default Configurations

new SecuredPropertiesConfig() is a valid Configuration with following default behaviors:

  • secretFile default location: “%user_home%/.secret/securedProperties.key”
  • autoCreateSecretKey If the secret key doesn’t exists, it will be created automatically
  • allowedAlgorithm AES-256, AES-192, AES-128, DESede-168, DESede-128: The first algorithm supported by the java-VM will be used to create the initial secret key.

All this configurations can be customized by the